lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 1 May 2024 16:33:59 -0400
From: "Michael S. Tsirkin" <mst@...hat.com>
To: Edward Adam Davis <eadavis@...com>
Cc: syzbot+98edc2df894917b3431f@...kaller.appspotmail.com,
	linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [net?] [virt?] [kvm?] KASAN: slab-use-after-free Read
 in vhost_task_fn

On Tue, Apr 30, 2024 at 05:31:47PM +0800, Edward Adam Davis wrote:
> please test uaf in vhost_task_fn
> 
> #syz test https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git bb7a2467e6be
> diff --git a/kernel/vhost_task.c b/kernel/vhost_task.c
> index 48c289947b99..8800f5acc007 100644
> --- a/kernel/vhost_task.c
> +++ b/kernel/vhost_task.c
> @@ -61,8 +61,8 @@ static int vhost_task_fn(void *data)
>  		set_bit(VHOST_TASK_FLAGS_KILLED, &vtsk->flags);
>  		vtsk->handle_sigkill(vtsk->data);
>  	}
> -	complete(&vtsk->exited);
>  	mutex_unlock(&vtsk->exit_mutex);
> +	complete(&vtsk->exited);
>  
>  	do_exit(0);
>  }


OK so if rebased on latest master by linus then this patch is
sufficient. I squashed it in. Edward, thanks a lot for working
on this! I added Suggested-by tag if you like me to add your
S.O.B too I can do this.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ